Fix escaping.

actions/ql/lib/codeql/actions/security/ArtifactPoisoningQuery.qll

@@ -264,7 +264,7 @@ class ArtifactPoisoningSink extends DataFlow::Node {
     download.getAFollowingStep() = poisonable and
     // excluding artifacts downloaded to /tmp and runner.tmp
     not download.getPath().regexpMatch("^/tmp.*") and
-    not download.getPath().regexpMatch("^\${{\s?runner.temp\s?}}.*") and
+    not download.getPath().regexpMatch("^\\${{\\s?runner.temp\\s?}}.*") and
     (
       poisonable.(Run).getScript() = this.asExpr() and
       (